I. Field
The present invention generally relates to secure communications between remote computing devices and servers. More particularly, the invention relates to the creation, maintenance, revocation and renewal of secure client credentials used in providing strong authentication between remote computing devices and servers.
II. Background
Advances in technology have resulted in smaller and more powerful personal computing devices. For example, there currently exist a variety of portable personal computing devices, including wireless computing devices, such as portable wireless telephones, personal digital assistants (PDAs), and paging devices, each of which is small, lightweight, and easily carried by users. More specifically, the portable wireless telephones include, for example, cellular telephones that communicate voice and data packets over wireless networks. Further, many such cellular telephones are being manufactured with relatively large increases in computing capability and, as such, are becoming comparable to small personal computers and hand-held PDAs. Typically, however, these smaller and more powerful personal computing devices are severely resource constrained. For example, the screen size, the amount of available memory and file system space, the input and output capabilities and the processing capability may each be limited by the small size of the device. Because of such severe resource constraints, it is often desirable, for example, to limit the size and quantity of software applications and other information residing on such personal computing devices (client computing devices).
Some of these personal computing devices utilize application programming interfaces (“APIs”), sometimes referred to as runtime environments and software platforms, that are installed onto the local computer platform and are used, for example, to simplify operation of such devices, such as by providing generalized calls for device-specific resources. Further, some such APIs are also known to provide software developers with the ability to create software applications that are fully executable on such devices. In addition, such APIs are often operationally located between the computing device system software and the software applications, such that the functionality of the computing device is made available to the software applications without requiring the software developer to have the computing device's system source code. Further, some such APIs are known to provide mechanisms for secure communications between such personal devices (i.e., clients) and remote devices (i.e., servers) using secure cryptographic key information.
Examples of such APIs, some of which are discussed in more detail below, include the currently publicly available versions of the Binary Runtime Environment for Wireless® (BREW®) developed by Qualcomm, Inc., of San Diego, Calif. BREW® is sometimes described as a thin veneer existing over a computing device's (typically a wireless cellular phone) operating system, which, among other features, provides interfaces to hardware features particularly found on personal computing devices. BREW® is further characterized by at least the advantage that it can be provided on such personal computing devices at a relatively low cost, both with respect to demands on device resources and with respect to the price paid by consumers for devices containing the BREW® API. Other features known to be associated with BREW® include its end-to-end software distribution platform, which provides a variety of benefits for wireless service operators, software developers and computing device consumers. At least one such currently available end-to-end software distribution platform includes logic distributed over a server-client architecture, where the server performs, for example, billing, security and application distribution functionality, and the client performs, for example, application execution, security and user interface functionality.
Regarding the provision of strong authentication between client computing devices and servers, some current systems provide such secure communications by incorporating corresponding cryptographic (encryption) algorithms or programs on the client computing devices and on the servers, in order to allow the servers to authenticate the client devices. In such systems, the client generates credential-type information from information that is entirely available on the client computing device, and the server runs the same or a corresponding cryptographic algorithm to determine whether a credential received from an apparent client was produced by a trusted, authenticated source. Such systems are known to contain certain vulnerabilities, such as the possible loss of secure communications following unauthorized access to any one of the copies of the cryptographic algorithm as it exists on any one of the client computing devices. This vulnerability exists because such cryptographic algorithms generate credential information from data that is generally available on the client computing devices and/or servers. Therefore, when both the cryptographic algorithm and the data it consumes are freely available, any entity that succeeds in deciphering how credentials are generated on any one such device effectively possesses the information needed to selectively breach the secure communications otherwise present in such systems and to masquerade as an authenticated and valid client computing device. Because every client carries the same algorithm, the compromise of a single device is not confined to that device: credentials can then be computed for any device whose client-side data is known.
Other systems that provide secure communications between client computing devices and servers do so, at least in part, by having a secure credential installed on each client computing device at the time of manufacture. In one example, a service provider provides secure credentials to computing device manufacturers such that the manufacturers can install an individual secure credential on each separate client computing device during the manufacturing process. Although such systems do not generally suffer from some of the vulnerabilities of the systems described above, e.g., those that maintain cryptographic algorithms on each of the handsets, such credential installation systems have their own problems and vulnerabilities. For example, such credential installation systems are often difficult to implement because they require adding a dynamic step to what is otherwise typically a series of static steps making up the manufacturing process. More specifically, unlike a typical static step, which is an identical operation performed on each and every computing device, the new dynamic step requires a different operation (the adding of a unique credential) on each separate client computing device. This is highly unlike the typical static step of, for example, installing an identical display in an identical manner on each and every separate client computing device. In addition, at least one vulnerability of such systems is the potential for unauthorized access to the list of secure credentials, which might allow unauthorized entities to spoof the identity of an otherwise authorized device.
In other systems, secure communication is provided, in part, by the installation or programming of phones by an authorized agent. Typically, such programming occurs after the client computing devices have been manufactured and shipped. In one example, a secure credential is installed on the client computing device at the time and place of sale of the device. Here, in at least one example, an authorized agent inputs a code, from a list of unique secure codes, into the client computing device. In other instances, automated readers are used to transfer individual secure codes to each client computing device. Although this process avoids some of the difficulties associated with programming such client computing devices at the time of manufacture, such as adding a dynamic step to a typically static manufacturing process, it still has its own difficulties and vulnerabilities. For example, one vulnerability is the potential for unauthorized access to the list of secure credentials, which would allow unauthorized entities to spoof the identity of an otherwise authorized device.
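The following Python example is added here for illustration; it is not part of the present disclosure and is not code from BREW® or any other system named above. It contrasts the two classes of existing system just described: in the first, the credential is a deterministic function of an algorithm and a constant shipped in every client, so an attacker who extracts them from one handset can compute a credential for any device identifier; in the second, each device receives a unique random credential from a list held by the server, so nothing extractable from a handset yields another device's credential, but a leaked copy of that list restores the spoofing capability. The device identifiers, the shipped constant and the SHA-256 derivation are constructed for this example only.

```python
import hashlib
import hmac
import secrets

# Constructed device identifiers for illustration only.
DEVICE_ID = "ESN-0123456789"
OTHER_DEVICE_ID = "ESN-9876543210"

# --- Scheme A: credential computed on the client from client-resident data ---
# The same constant and the same algorithm ship in every client build
# (hypothetical value). Nothing here is unique to one handset.
SHIPPED_CONSTANT = b"constant-present-in-every-client-build"


def derive_credential(device_id: str) -> str:
    """Client-side derivation: a deterministic function of data on the device."""
    return hashlib.sha256(SHIPPED_CONSTANT + device_id.encode("utf-8")).hexdigest()


def server_verifies_derived(device_id: str, credential: str) -> bool:
    """The server re-runs the same derivation. It cannot distinguish a genuine
    client from anyone else who knows SHIPPED_CONSTANT and the algorithm."""
    return hmac.compare_digest(derive_credential(device_id), credential)


def forge_after_extracting_algorithm(target_device_id: str) -> str:
    """An attacker who pulled the constant and algorithm from one handset can
    produce a valid credential for any device identifier, not just that handset."""
    return hashlib.sha256(SHIPPED_CONSTANT + target_device_id.encode("utf-8")).hexdigest()


# --- Scheme B: unique random credential installed per device, list held by the server ---
def provision_credential_list(device_ids) -> dict:
    """The service provider generates one random credential per device; the
    manufacturer or point-of-sale agent installs it and the server keeps the mapping."""
    return {device_id: secrets.token_hex(16) for device_id in device_ids}


def server_verifies_installed(credential_list: dict, device_id: str, credential: str) -> bool:
    """Verification is a lookup, not a recomputation: no algorithm on the client
    can be extracted to yield other devices' credentials."""
    expected = credential_list.get(device_id)
    return expected is not None and hmac.compare_digest(expected, credential)


def spoof_with_leaked_list(leaked_list: dict, target_device_id: str) -> str:
    """Residual weakness of Scheme B: a leaked copy of the provisioning list
    lets an attacker present any listed device's credential."""
    return leaked_list[target_device_id]


def demonstrate() -> dict:
    """Run both schemes against the constructed identifiers; every entry is True."""
    credential_list = provision_credential_list([DEVICE_ID, OTHER_DEVICE_ID])
    return {
        # Scheme A: the genuine client authenticates...
        "a_genuine_accepted": server_verifies_derived(DEVICE_ID, derive_credential(DEVICE_ID)),
        # ...and so does a forger impersonating a device they never touched.
        "a_forged_accepted": server_verifies_derived(
            OTHER_DEVICE_ID, forge_after_extracting_algorithm(OTHER_DEVICE_ID)),
        # Scheme B: the installed credential works for the genuine device.
        "b_genuine_accepted": server_verifies_installed(
            credential_list, DEVICE_ID, credential_list[DEVICE_ID]),
        # Scheme B: knowing the identifier and Scheme A's algorithm is not enough.
        "b_derived_rejected": not server_verifies_installed(
            credential_list, OTHER_DEVICE_ID, derive_credential(OTHER_DEVICE_ID)),
        # Scheme B: a leaked list restores the ability to spoof any listed device.
        "b_leaked_list_accepted": server_verifies_installed(
            credential_list, OTHER_DEVICE_ID,
            spoof_with_leaked_list(credential_list, OTHER_DEVICE_ID)),
    }


if __name__ == "__main__":
    for check, outcome in demonstrate().items():
        print(f"{check}: {outcome}")
```

The point of the contrast is where the secret lives: in Scheme A the server's check is a recomputation, so any party holding the algorithm and the public inputs can pass it, whereas in Scheme B the check is a lookup against material that never leaves the provisioning list, so the list itself becomes the asset to protect.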
Also generally typical of currently available secure communication systems is the hard-wired or hard-coded use of credentials on the corresponding client devices. This hard-wired/hard-coded aspect of such systems requires that client devices be physically serviced by a service technician whenever a situation, such as a security breach, has occurred in which, for example, one or more credentials need to be replaced, added or otherwise updated. Such a requirement to be physically serviced by a service technician is extremely costly, particularly when large numbers of client devices are compromised.
Accordingly, it would be advantageous to provide a client-server system that includes many of the secure communication advantages inherent in general secure communications techniques, such as those associated with the use of secure credentials, while also avoiding the less advantageous aspects of existing systems, such as the problems associated with storing cryptographic algorithms on client computing devices and the need to install secure credentials at the time of manufacture or to program secure credentials at point of sale locations, and while providing the ability to update or replace such credentials, without physical servicing of the client devices, in the event of a security breach.